Opinions are like a%$*oles, everyone has them and they're usually full of &amp;*it! Argue with our Opinion writers or add your own. Who knows... a great opinion post could land you a featured opinion article!

i thought i'd start a topic similar to the old "real programmers <programming related joke>"

i'll start: "real hackers don't use web browsers they telnet all the info off the servers" or "real hackers wish the celebrated the day before their birth because it was the greatest exploit of all time" or " real hackers don't drink coffee they inject it into their arm's vein that has the most traffic"

I copied this from somewhere. I can't remember where sorry if I am stepping on some ones IP. Enjoy!!

You know you're a computer security professional when:

You not only lock your laptop with a physical cable leash, but you change the combination of the lock when it's not in use so that it can't be "compromised".

Although you have no ill intent, you spend no small amount of your downtime in airports thinking of ways to circumvent TSA security -- and you've come up with several can't-miss terrorist ideas that even Jack Bauer couldn't stop.

You lock your screensaver with twice as much insistence when security friends are around than when strangers are, because you're not nearly as worried about a stranger's intentions.

You're immediately discontent with all newly announced security solutions, even before you know anything beyond the name.

Having extralong passwords that you must type over and over again to get correct is not a bother.

You have a database program to store all your passwords, but even it doesn't contain a single, decoded password.

When you read industry-mandated security guidelines, you chuckle at all the newbie mistakes.

You secretly hope you don't miss a big virus outbreak while you are out on vacation.

Any security book you read is covered in pen from the technical corrections you've made.

You've so fine-tuned your personal computer's host-based firewall that you are sure it is causing problems with legitimate programs, but you really don't care.

You fantasize about a job where you could bust into the house of unsuspecting malicious hackers and take them away to jail.

You've got a new car with a built-in GPS and computer, but you are constantly worried about how easy it would be to hack.

You suspect that every banner and Flash ad on every Web site is hosting malicious JavaScript.

You loath government interference with the Internet because you know they will only mess it up more and not fix the problem (see CAN-SPAM Act).

When you hear that we've arrested some big spammer, you have the same nonreaction as when you hear we've arrested Al-Qaeda's No. 2 person ... again.

You resist every new application install because of the new attack vector opportunities it will bring.

You know that mobile small-form-factor computers have almost no security.

Your cell phone is password-protected.

You resent having to give out your Social Security number to any person or company, especially because you have never given it when dealing with the Social Security administration.

You already own or covet one of those special screen covers that prevent people on either side of you of from reading your screen.

You can't prevent yourself from laughing out loud when someone announces they think that computer viruses, buffer overflows, or whatever will be solved in five years.

You hate upgrading your computer because it means spending days trying to copy and convert all your cool hacker and anti-hacker tools to the new system.

You have solid friends on computer security discussion lists, whom you know would be there for you in a life-crisis pinch but that you've never met in person or talked to on the phone.

Although you never try to shoulder surf other people's passwords, you can always tell by sound alone when they haven't typed one that is eight characters or more, and you chuckle inside.

When someone hands you their USB key to copy something, you always decline, and instead offer your known, clean USB key. You would also prefer one-time, disposable, Tupperware-like memory drives if they existed.

You always slow down when reading security guidance looking for the words "should," "must," "never," and "always" -- and you understand their importance.

By the time you read a CERT security bulletin, you've known about the issue for several days.

You always investigate SSL certificate errors when they come up in your browser.

Finally, you know you're a computer security person when you have so frequently spoken passionately to complete strangers about computer security and the frustration it entails that you know what it's like to be covered in sweat -- and the listening party to have a look on their face that says they didn't know what they were in for.

a while back i was meeting a customer that requested some services from us and we wanted to meet to get some more information about the issue and scope of the project.

After half an hour talking management stuff about the project i got the question what my role would be in this project. i explained i was going to be the one that would perform the pentest/security audit and they looked at me like they saw water burn.

immediately i got the question why i didnt look like a hacker (i was wearing a suit as always when i need to look representative). i explained that not all computer intellects look like either a 13 yr old, pony tailed script kiddie living in the attic of his parents house with a semi-black iron maiden shirt from a concert back in '92 with paled skin and skinny arms or like a 40 yr old with a huge beard, "linux inside" shirt, living in the basement of his parents house with a weight problem. ofcourse i put it out there a little more subtle but the reaction was great!

gotta love stereotypes...

Last edited by j0rDy on Mon Mar 29, 2010 4:55 am, edited 1 time in total.

CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net